<?php

class Auth extends Zend_Controller_Plugin_Abstract
{
	private $_auth;
	private $_acl;
	private $_userModel;

	private $_noAuth = array('module'    => 'default',
							 'controller' => 'auth',
							 'action'     => 'login');

	private $_noAcl = array('module'     => 'default',
							'controller' => 'error',
							'action'     => 'deny');

	public function __construct()
	{
		$this->_auth = Zend_Registry::get('auth');//Zend_Auth::getInstance();
   	    $this->_acl = Acl::getInstance()->getAcl();
		$this->_userModel = new Client_Table_Accounts();
	}

	public function preDispatch(Zend_Controller_Request_Abstract $request)
	{
		if ($this->_auth->hasIdentity() && intval($this->_auth->getIdentity()->id) > 0) {
			
			if($this->_userModel->CheckAccount((int) $this->_auth->getIdentity()->id))
			{
				$user = $this->_userModel->fetchRow('id = ' . (int)$this->_auth->getIdentity()->id);	
				$role = $user->findParentRow(new Client_Table_Role())->name;
			}
			else 
			{
				$this->_auth->clearIdentity();
				$role = 'guest';								
			}						
			
		} else {
			$this->_auth->clearIdentity();
			$role = 'guest';
		}

		$module = $request->module;
		$controller = $request->controller;
		$action = $request->action;	
		
		

		$resource = 'client:'.$module.':'.$controller;				
		
		if (!$this->_acl->has($resource)) {
			$resource = null;		
		}	
		
		
		/*if($this->_acl->isAllowed($role, $resource, $action))
		{
			echo '<br>not allowed:<br>'.$role.'<br>'.$resource.'<br>'.$action;
			die();
		}*/		
		
		
		$allow = $this->AdditionalChecks($role, $resource, $action);		
		
		//echo 'allow:'.$allow;
		
		if(is_null($allow))
			if (!$this->_acl->isAllowed($role, $resource, $action)) {
				if (!$this->_auth->hasIdentity()) {
					$module     = $this->_noAuth['module'];
					$controller = $this->_noAuth['controller'];
					$action     = $this->_noAuth['action'];
				} else {
					$module     = $this->_noAcl['module'];
					$controller = $this->_noAcl['controller'];
					$action     = $this->_noAcl['action'];
				}
			}

		$request -> setModuleName($module)
				 -> setControllerName($controller)
				 -> setActionName($action);
	}
	
	public function getUserInfo($id = null)
	{
		if ($this->_auth->hasIdentity()) {
			return $this->_userModel->GetUserInfo($id);
		}
		else {
			return null;
		}
	}
	
	public function getACL()
	{
		return $this->_acl;
	}
	
	public function AdditionalChecks($role, $resource, $action)
	{		
		//echo $resource.':'.$action;		
		
		if($action == 'uploadphotos') return 1;
		
		
		switch ($resource.':'.$action)
		{
			//function on the MY page
			case 'client:default:members:edit':
			case 'client:default:members:friends':
			case 'client:default:members:acceptfriend':
			case 'client:default:members:notacceptfriend':
			case 'client:default:members:removefriendajax':						
				$id =  $this->_request->getParam('id');
				$cur_id = @$this->_auth->getIdentity()->id;
				if($id == $cur_id) return 1;
				else return null;
				break;	
							
			// common use	
			case 'client:default:members:addfriend':				
			case 'client:default:members:removefriend':				
			case 'client:default:my:index':	
			case 'client:default:my:edit':
			case 'client:default:my:friends':
				$cur_id = @$this->_auth->getIdentity()->id;				
				if($cur_id > 0)	return 1;
				else return null;
				break;
				
			// for all
			case 'client:default:news:rating':
			case 'client:default:my-blog:uploadphotos':
			case 'client:default:my-gallery:uploadphotos':
			case 'client:default:my-gallery:checkphotos':
			case 'client:default:my-gallery:checkphotos':
				return 1;
				break;
			
				
			default:
				return null;
		}		
	}

}